Instruction/data protection employing derived obscuring instruction/data
Abstract
A method and apparatus are described for protecting critical computer software and/or data with a large amount of obscuring instructions and/or data, to the extent that observing and understanding the obscured instructions and/or data is not humanly feasible. In a preferred method of obscuring software, a bank of obscuring instructions is prepared, a large number of obscuring instructions are selected from the bank and injected into the software code to be protected, and a static image of the obscured sequence of code is encrypted and/or compressed. At execution, the obscured instructions are executed one at a time to make run-time tracing a labor-intensive process.
24 Claims
1. A computer implemented method for protecting a sequence of computer instructions comprising:
- preparing first obscuring instructions having associated identification codes;
- serializing the sequence of computer instructions;
- transforming a first set of the obscuring instruction identification codes associated with some or all of the first obscuring instructions to generate a second set of obscuring instruction identification codes;
- generating second obscuring instructions using the second set of obscuring instruction identification codes; and
- injecting the second obscuring instructions into the serialized sequence of computer instructions.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A computer implemented method for protecting a data file comprising:
- preparing first obscuring data;
- injecting second obscuring data into a plurality of locations in the data file using an automated process and the first obscuring data, to organize the data of the data file into a plurality of obscured data blocks, with each of the obscured data block having a portion of the data and one or more obscuring data; and
- successively and recursively encrypting the obscured data blocks into a plurality of encrypted obscured data blocks that are successively nested, using a plurality of encrypted keys, with at least the second inner most nested encrypted obscured data block including the inner most nested encrypted obscured data block, an encryption key used in the generation of the inner most nested encrypted obscured data block, and a portion of the data.

Dependent claims: 11, 12, 13, 14, 15

16. Apparatus for protecting a sequence of computer instructions, comprising:
- means for storing first obscuring instructions;
- means for serializing the sequence of computer instructions; and
- means for automatically injecting second obscuring instructions and a plurality of copies of a runtime manager into the sequence of computer instructions, using the first obscuring instructions and the runtime manager respectively;
- wherein the means of injecting are adapted to systematically inject the second obscuring instructions and copies of a runtime manager into the serialized sequence of instructions to form a plurality of nested obscured instruction blocks.

Dependent claims: 17, 18, 19

20. Apparatus for protecting a sequence of computer instructions comprising:
- an obscuring instruction bank to store obscuring instructions, each of which is identified by an obscuring instruction identification code;
- a transformation function bank to store transformation functions adapted to transform obscuring instruction identification codes; and
- a generator functionally coupled to the obscuring instruction bank and the transformation function bank to generate blocks of obscuring instructions by selecting identification codes of the obscuring instructions stored in obscuring instruction bank, and transformation functions from the transformation function bank, apply said selected transformation functions to transform the selected obscuring instruction identification codes, and employ the transformed obscuring instruction identification codes to generate additional obscuring instructions.

Dependent claims: 21

22. A method for executing a plurality of critical instructions, said method comprising:
- loading a first executable instruction block of an executable module, the first executable instruction block having one or more of the critical instructions, and the executable module further having a plurality of nested encrypted executable instruction blocks having the remaining of the critical instructions that were generated through successive and recursive encryption, and
- executing the loaded first executable instruction block, including loading the plurality of nested encrypted executable instruction blocks having a first remainder of the critical instructions, retrieving a first decryption key from the loaded plurality of nested encrypted executable instruction blocks, decrypting the loaded plurality of nested encrypted executable instruction blocks once to recover a second executable instruction block and a first remainder of the plurality of nested encrypted executable instruction blocks having a second remainder of the critical instructions.

Dependent claims: 23, 24

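The nesting recited in claims 10 and 22 can be illustrated with a short Python sketch; this is an added example, not code from the patent. The layer layout, the function names and the SHA-256 keystream (a stand-in for a real cipher) are assumptions made for illustration.

```python
import hashlib
import secrets
import struct

KEY_LEN = 16  # assumed key size for this illustration

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">I", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def build_nested(parts: list[bytes]) -> bytes:
    """Wrap parts so parts[0] sits in the outermost layer and parts[-1] in the innermost."""
    blob = b""  # the innermost layer carries no further block
    for part in reversed(parts):
        junk = secrets.token_bytes(4 + secrets.randbelow(9))  # obscuring data
        # Layer = header | data portion | obscuring data | (inner key + inner ciphertext)
        layer = struct.pack(">HH", len(part), len(junk)) + part + junk + blob
        key = secrets.token_bytes(KEY_LEN)
        blob = key + keystream_xor(key, layer)  # key travels beside its ciphertext
    return blob

def peel(blob: bytes) -> tuple[bytes, bytes]:
    """Decrypt exactly one layer; return (data portion, remaining nested blob)."""
    key, ciphertext = blob[:KEY_LEN], blob[KEY_LEN:]
    layer = keystream_xor(key, ciphertext)
    part_len, junk_len = struct.unpack(">HH", layer[:4])
    part = layer[4:4 + part_len]
    return part, layer[4 + part_len + junk_len:]  # skip the obscuring data

def recover_all(blob: bytes) -> list[bytes]:
    """Peel layers one at a time until no nested block remains."""
    parts = []
    while blob:
        part, blob = peel(blob)
        parts.append(part)
    return parts
```

Because each key is stored next to the ciphertext it unlocks, the nesting raises the effort of inspection layer by layer rather than providing confidentiality against someone who holds the whole blob.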
Specification